Cracking Mondex a two-week job, says UK expert

A major chip facility could break the smartcard-based Mondex electronic cash system franchised by New Zealand banks in two days with 'no possibility of a defence', according a Cambridge University expert. A relatively small commercial firm would take two to four weeks and charge around US$100,000. And a report prepared for Australian banks reveals doubts and misgivings about the Mondex technology.

A major chip facility could break the smartcard-based electronic cash system franchised by New Zealand banks in two days with no possibility of a defence, according a Cambridge University expert.

In a world-exclusive interview in this week’s Computerworld, Ross Anderson says that not only could a lab such as those run by Intel or Sandia break Mondex — or any other smartcard -— but so could relatively small commercial facilities, such as the Canadian firm Semiconductor Insights, which was alleged in a recent piracy prosecutiuon to have successfully reverse-engineered the Sky10 satellite TV card ASIC for a group of UK bootleggers.

Anderson, who helped design the first stored-value card system, estimates a firm such as Chipworks would take two to four weeks and charge about $US100,000 to break Mondex cards based on either the Hitachi 3101 chip, or the more robust 3109. Computerworld has approached Chipworks for an estimate.

Anderson also reveals that an important Cambridge study into the tamper-resistance of the 3109 chip, foreshadowed in a due diligence report prepared for Australian banks and obtained by Computerworld, is not being conducted by “the renowned Cambridge security group, but by an elderly physicist who doesn’t even have email”.

“Mondex’s original motive in signing him up appears to have been to stop me getting access to his equipment,” says Anderson.

The Australian report, prepared after research by a security team in May last year, shows that doubts about the Mondex security model were raised before banks in that country took up the Mondex franchise. At least one Australian bank, Commonwealth, regarded itself as having merely “bought an option”, say the authors. “Their belief appears to be that the underlying technology still has a way to go before implementation issues can be assessed in any detail.”

The authors say “the Australian effort to understand Mondex security through the due diligence process has been greater than that of other potential member groups.

“The Hong Kong Shanghai Bank franchise was essentially purchased on the strength of a business case, with only a cursory view of security. Similarly, comments from Natwest Mondex staff indicate that the US consortium’s due diligence was not as comprehensive/inquisitive as the Australian effort.”

In particular, the report notes “differences in initial understanding” between the security team and Mondex over value protection measures, which would not include a “hot list” scheme, but would rest on a strategy of “prevention, detection and recovery”.

This, it says, “makes the risk management database crucial for the detection of value being added to the scheme. However, the due diligence team were unable to obtain any proof of the efficiency of the risk management database.”

Australian banks, says the report, also appear to have been unclear on the meaning of the “fitness of purpose” statement made by Mondex. It says that this “purpose” is not explicitly defined in the participation agreement.

“Statements in the agreement tend to indicate that the purpose is confined to ‘low value payments’. The Australian banks appear to have a more expansive view or expectation that purpose covers large denomination transactions.”

The report covers three significant changes to the system as compared to the first Mondex trial in Swindon.

• The security and reliability of the chip had been increased with the 3109, which had been made with a 0.8 micron process. But “the risk remains that a significant technical weakness could be found in the 3109 chip.”

• Mondex had demonstrated its support for a public key cryptography system, rather than the private key system used in Swindon. “Mondex has reputedly performed public key cryptography using the card in less than two seconds. However, this performance claim is somewhat nebulous as they have refused to disclose the key size (ie: performance is related directly to key size in most public key implementations).”

• The operating system used in the Swindon trial would be replaced with MAOS (Multiple Application Operating System), which would enhance the value and usefulness of the card and perhaps also be taken up for use on non-Mondex cards. But it noted the risks that MAOS, then set down for delivery on January 1, 1998, “is an ambitious project with a high risk of failing to meet scheduled delivery”.

Note: It was stated in last week’s Computerworld that Interfraud research director Tom Trusty was hired by New Zealand banks to work on Mondex implementation. Trusty was in fact hired by one of the Mondex banks to work on general merger issues and shortly thereafter invited to work on Mondex because of his risk management expertise, and to liaise with the other banks in the Mondex consortium. His research into Mondex began before his employment in New Zealand.

Mondex New Zealand chief Jeremy Deane has advised Computerworld that the New Zealand bank consortium has contacted Mondex International for support material to prepare a response to last week’s Mondex story. This will be covered when it arrives.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.